Wireshark is a useful tool in troubleshooting. However, if the traffic was encrypted (such as https between CUPS and Exchange), it's unreadable unless you can decrypt it.
Look at packet 11 in sniffer capture above. Application data was encrypted. There's not too much useful data in it.
To decrypt this data, we need the "private key" of the server certificate. You cannot get the private key from client side (such as web browsers). To get the private key, you need access to the server.
Step 1. Export the server certificate with private key
1-1: Go to IIS Admin > Right-click "Defautl Web Site" > Properties > "Directory Security" > "View Certificate".
1-2: Go to "Details" tab > "Copy to File" > Choose "Yes, export the private key"
1-3: You'll save the file in PKCS #12 (.PFX) with all three options UNCHECKED
1-4: You'll have to provide a password to protect the file. Because private key is a very sensitive information.
1-5: Save the file (system will add ".pfx" extension to the file name)
Now we have a PKCS #12 file (.pfx file).
Step 2: Extract the private key from .pfx file
openssl pkcs12 -in test.pfx -nocerts -out privateKey.pem -nodes
The command above take "test.pfx" as the input file, extract the private key, save it unencrypted in "privateKey.pem" file. You'll be asked for the password (where you entered on step 1-4).
Where to find openssl? Google!
Step 3: Go to Wireshark > Edit > Preferences > Protocols > SSL. In "RSA keys list", type the following:
Where "10.88.229.196" is the server IP. "443" is the port number (HTTPS). "http" is the protocol you want Wireshark decode to. "C:\privateKey.pem" is the file name of the private key. "SSL debug file" is optional.
Step 4: Once you click OK, you'll notice the changes on Wireshark screen. Now the data was decrypted!